JCL to Escalate Privileges

Elevate privileges for user. Adds SYSTEM SPECIAL and BPX.SUPERUSER to user profile. Does this by using an unsecured/updateable APF authorized library APFLIB and updating the user's ACEE using this program/library. Note: This privesc only works with z/OS systems using RACF, no other ESM is...

cics-enum NSE Script

CICS transaction ID enumerator for IBM mainframes. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and instead uses the NSE TN3270 library which emulates a TN3270 screen in lua. CICS only allows for 4 byte transacti...

vtam-enum NSE Script

Many mainframes use VTAM screens to connect to various applications CICS, IMS, TSO, and many more. This script attempts to brute force those VTAM application IDs. This script is based on mainframebrute by Dominic White . However, this script doesn't rely on any third party libraries or tools and...

tn3270-screen NSE Script

Connects to a tn3270 'server' and returns the screen. Hidden fields will be listed below the screen with row, col coordinates. Script Arguments tn3270-screen.commands a semi-colon separated list of commands you want to issue before printing the screen tn3270-screen.lu specify a logical unit you...

FTP JCL Execution

Submit JCL to z/OS via FTP and SITE FILE=JES. This exploit requires valid credentials on the target system This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTP JCL Execution', 'Description' =...

Z/OS (MVS) Command Shell, Reverse TCP

Provide JCL which creates a reverse shell This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...

Generic JCL Test for Mainframe Exploits

Provide JCL which can be used to submit a job to JES2 on z/OS which will exit and return 0. This can be used as a template for other JCL based payloads This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework This is a prototy...

IBM Capacity Management Analytics Local Information Disclosure Vulnerability

IBM Capacity Management Analytics is a suite of capacity management analytics solutions from IBM USA for managing and predicting the usage of IBM zEnterprise infrastructure mainframe computer resources. A local information disclosure vulnerability exists in IBM Capacity Management Analytics. A...

Z/OS (MVS) Command Shell, Reverse TCP Inline

Listen for a connection and spawn a command shell. This implementation does not include ebcdic character translation, so a client with translation capabilities is required. MSF handles this automatically. This module requires Metasploit: https://metasploit.com/download Current source:...

nje-node-brute NSE Script

z/OS JES Network Job Entry NJE target node name brute force. NJE node communication is made up of an OHOST and an RHOST. Both fields must be present when conducting the handshake. This script attemtps to determine the target systems NJE node name. To initiate NJE the client sends a 33 byte record...

Mainframe/System Z Bind Shell

Mainframe/System Z Bind Shell. Shellcode exploit for systemz platform TITLE 'sbshellcode.s x Author: Bigendian Smalls' ACONTROL AFPR SBSHELL CSECT SBSHELL AMODE 31 SBSHELL RMODE ANY SYSSTATE ARCHLVL=2 ENTRY MAIN MAIN DS 0F Begin setup and stack management STM 6,4,1213 store all the registers in o...

IBM launches LinuxONE: Linux-only Mainframe Systems

World's largest hardware supplier of mainframe computers IBM International Business Machine Corp. has launched two mainframe servers that run only on Linux operating system. IBM used RAS as a term to describe the strength of the mainframe computers; RSA stands for Reliability, Availability, and...

UBUNTU-CVE-2014-3534

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACEPOKEUSRAREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a...

PT-2014-4444 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.13.5 Description: The issue is related to the improper handling of the linkage stack in the Linux kernel on the s390 platform. This can be exploited by local users to cause a denial of service, resulting in a...

[Racfsnow] Password cracker for RACF (IBM mainframe)

RACFSNOW is a highly optimised PC program for performing a dictionary attack against a RACF database, with the option of using a database unload IRRDBU00 to validate the User IDs to attack. It uses an ini file to control various parameters to enable focusing the attack on certain user IDs and or...

IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities

IBM System Storage DS Storage Manager Profiler - Multiple Vulnerabilities IBM System Storage DS Storage Manager Profiler Multiple Vulnerabilities Vendor: IBM Corporation Product web page: http://www.ibm.com Affected version: 4.8.6 Summary: Through its extraordinary flexibility, reliability, and...

CVE-2011-1683

IBM WebSphere Application Server WAS 6.0.x through 6.0.2.43, 6.1.x before 6.1.0.37, and 7.0.x before 7.0.0.17 on z/OS, when a Local OS user registry or Federated Repository with RACF adapter is used, allows remote attackers to obtain unspecified application access via unknown vectors...

Generic Payload Handler

This module is a stub that provides all of the features of the Metasploit payload system to exploits that have been launched outside of the framework. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

Buffer overflow

Multiple buffer overflows in TIBCO Hawk 1 AMI C library libtibhawkami and 2 Hawk HMA tibhawkhma, as used in TIBCO Hawk before 4.8.1; Runtime Agent TRA before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute...

CVE-2008-3338

Multiple buffer overflows in TIBCO Hawk 1 AMI C library libtibhawkami and 2 Hawk HMA tibhawkhma, as used in TIBCO Hawk before 4.8.1; Runtime Agent TRA before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute...